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WE CLAIM: 

1 . An architecture for intercepting and processing packets transmitted from a source 
to a destination over a network, the architecture comprising: 

a packet interceptor coupled with said network and operative to selectively 
intercept said packets prior to receipt by said destination; 

at least one primary processor coupled with said packet interceptor and 
operative to perform primary processing tasks on said intercepted packets, said at 
least one stateless processor including: 

at least two primary packet processors coupled in parallel, 
said processing of said intercepted packets being distributed among 
said at least two primary packet processors; 
at least one secondary processor coupled with said at least one stateless 
processor and operative to perform stateful processing tasks on said intercepted 
packets, said at least one secondary processor including: 

at least two secondary packet processors coupled in series 
with each other, each of said at least two secondary packet 
processors operative to perform a portion of said stateful processing 
tasks on said intercepted packets, a last one in said series of said at 
least two secondary packet processors being coupled with said 
network and operative to selectively release said intercepted packet 
back to said network. 

2. The architecture of Claim 1, wherein said network further comprises a bi- 
directional network having an upstream flow and a downstream flow, said 
architecture further comprising at least two of said at least one primary processor 
and at least two of said at least one secondary processor, a first of said at least two 
primary and secondary processors being coupled with said upstream flow and a 
second of said at least two primary and secondary processors being coupled with 
said downstream flow. 
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3. The architecture of Claim 2, wherein said at least two secondary processors are 
capable of sharing state information between each other. 

4. The architecture of Claim 1 , wherein said at least two primary packet processors 
are coupled together and operative to share data. 

5. The architecture of Claim 4, wherein said at least two primary packet processors 
are coupled together with at least one co-processor. 

6. The architecture or Claim 5, wherein said co-processor comprises a classification 
co-processor. 

7. The architecture of Claim 5, wherein said co-processor comprises a content 
addressable memory. 

8. The architecture of Claim 1 , wherein said at least two secondary packet processors 
are coupled with said at least two primary packet processors and operative to share 
state information. 

9. The architecture of Claim 1, wherein said at least two secondary packet processors 
and said at least two primary packet processors comprise network processors. 

10. The architecture of Claim 9, wherein said network processor is capable of bi- 
directional operation and characterized by a bi-directional throughput, said 
architecture comprising utilizing said network processor uni-directionally wherein 
said bi-directional throughput is devoted to uni-directional processing. 

1 1 . The architecture of Claim 1 , wherein said stateless processing tasks comprise 
filtering said intercepted packets. 

12. The architecture of Claim 1, wherein one portion of said stateful processing tasks 
comprises inspection and analysis of said intercepted packets and another portion 
of said stateful processing tasks comprises performing an action on said 
intercepted packets. 



91 



92 



13. The architectiire of Claim 12, wherein said action comprises at least one or 
modifying, deleting, storing information about and releasing said intercepted 
packets. 

14. The architecture of Claim 1, wherein said packet interceptor is capable of 
interfacing with an optical network. 

15. The architecture of Claim 14, wherein said optical network is characterized by 
compliance with an OC-48 standard. 

16. The architecture of Claim 1, wherein said packet interceptor is capable of 
operating substantially at wire speed. 

17. The architecture of Claim 1, wherein said stateless and stateful processing tasks 
are capable of processing any portion of said intercepted packets. 

1 8. The architecture of Claim 1 , wherein said packet interceptor is coupled with said 
network via a router. 

19. The architecture of Claim 1 8, further comprising a router blade including said 
packet interceptor, said at least one primary processor and said at least one 
secondary processor 

20 . A method of intercepting and processing packets transmitted from a source to a 
destination over a network, said method comprising: 

(a) intercepting, selectively, said packets prior to receipt by said 
destination; 

(b) distributing said intercepted packets to at least two primary packet 
processors each operative to perform stateless processing tasks on said intercepted 
packets; 

(c) performing said stateless processing task in parallel by said at least 
two stateless packet processors; 

(d) receiving said intercepted packets from said at least two primary 
packet processors by a first secondary packet processor operative to perform a first 
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stateful packet processing task on said intercepted packets; 

(e) receiving said intercepted packets from said first secondary packet 
processor by a second secondary packet processor operative to perform a second 
stateful processing task on said intercepted packets; and 

(f) releasing, selectively, said intercepted packets. 

2 1 . The method of Claim 20, wherein said network further comprises a bi-directional 
network having an upstream flow and a downstream flow, said method further 
comprising performing (a)-(f) on each of said upstream and downstream flows 

■ independently. 

22. The method of Claim 21, further comprising: 

(g) sharing state information between said secondary packet processors 
of said upstream flow and said secondary packet processors of said downstream 
flow. 

23 . The method of Claim 20, wherein said at least two primary packet processors are 
coupled together, said method further comprising sharing data between said 
coupled at least two primary packet processors. 

24. The method of Claim 23, wherein said at least two primary packet processors are 
coupled together with at least one co-processor, said method further comprising 
executing a portion of said stateless processing task by said co-processor. 

25. The method or Claim 24, wherein said executing further comprises executing a 
portion of said stateless processing task by said co-processor comprising a 
classification co-processor. 

26. The method of Claim 24, wherein said executing further comprises executing a 
portion of said stateless processing task by said co-processor comprising a content 
addressable memory. 

27. The method of Claim 20, wherein said at least two secondary packet processors 
are coupled with said at least two primary packet processors, said method further 
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comprising sharing state information between said at least two primary packet 
processors and said at least two secondary packet processors. 

28. The method of Claim 20, wherein said at least two secondary packet processors 
and said at least two primary packet processors comprise network processors. 

29. The method of Claim 28, wherein said network processor is capable of bi- 
directional operation and characterized by a bi-directional throughput, said method 
comprising utilizing said network processor uni-directionally wherein said bi- 
directional throughput is devoted to uni-directional processing. 

30. The method of Claim 20, wherein said stateless processing tasks comprise filtering 
said intercepted packets. 

3 1 . The method of Claim 20, wherein said first stateful processing task comprises 
inspection and analysis of said intercepted packets and said second stateful 
processing task comprises performing an action on said intercepted packets. 

32. The method of Claim 31, wherein said action comprises at least one or modifying, 
deleting, storing information about and releasing said intercepted packets. 

33 . The method of Claim 20, where (a) further comprises intercepting said packets 
from an optical network. 

34. The method of Claim 33, wherein said optical network is characterized by 
compliance with an OC-48 standard. 

35. The method of Claim 20, said method further comprising performing (a) - (f) 
substantially at wire speed. 

36. The method of Claim 20, wherein said stateless and first and second stateful 
processing tasks are capable of processing any portion of said intercepted packets. 

37. An apparatus for intercepting and processing packets transmitted from a source to 
a destination over a network, the apparatus comprising: 
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means for selectively intercepting said packets prior to receipt by said 
destination; 

means for performing stateless processing tasks on said intercepted 
packets, said means including: 

parallel processing means for distributing and processing 
said intercepted packets in parallel; 
means for performing stateful processing tasks on said intercepted packets, 
said means including: 

serial processing means operative to distribute said stateful 
processing tasks on said intercepted packets and selectively release 
said intercepted packet back to said network. 

An apparatus for intercepting and processing packets transmitted from a source to 
a destination over a network, the apparatus comprising: 

a packet interceptor operative to intercept packets from said network; 

a packet processor coupled with said packet interceptor and operative to 
process said intercepted packets; and 

wherein said packet interceptor is further operative to filter said packets to 
determine which of said packets to intercept and said packet processor is further 
operative to monitor said intercepted packets for pre-defmed conditions and at 
least one of delete, modify and log packets which meet said pre-defined 
conditions. 



95 



